General

  • Target

    df6295dd1ead4d68fbd94b9bfb3818511def8111208b5aa3e4df8687a9fad51e

  • Size

    272KB

  • Sample

    231209-chm78affe4

  • MD5

    05604b7d20a7d61c044d23bf9ee29acd

  • SHA1

    ed4bc7b907ec9645d5dee53c527cccb2d38a5448

  • SHA256

    df6295dd1ead4d68fbd94b9bfb3818511def8111208b5aa3e4df8687a9fad51e

  • SHA512

    03fe4f53d017b6eaa0dcf5225598f220669c9b4f47d9f57b97f8845212e256419388249922cc364f532d945476869d789ab6a98e486365b96c265d16ca334601

  • SSDEEP

    6144:q48F7QsyKtpw9hAcGTJscDoAb0XWRnTqAJ:KF7pye4hAc8oi0Xkz

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.etasimali.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    RECRUTEMENT@2023

Extracted

Family

agenttesla

Targets

    • Target

      df6295dd1ead4d68fbd94b9bfb3818511def8111208b5aa3e4df8687a9fad51e

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
